Entity Rescinds Improper Charges for Medical Record Copies to Reflect Reasonable, Cost-Based Fees

Entity Rescinds Improper Charges for Medical Record Copies to Reflect Reasonable, Cost-Based Fees
Covered Entity: Private Practice
Issue: Access

A patient alleged that a covered entity failed to provide him access to his medical records.  After OCR notified the entity of the allegation, the entity released the complainant’s medical records but also billed him $100.00 for a “records review fee” as well as an administrative fee.  The Privacy Rule permits the imposition of a reasonable cost-based fee that includes only the cost of copying and postage and preparing an explanation or summary if agreed to by the individual.  To resolve this matter, the covered entity refunded the $100.00 “records review fee.”



State Hospital Sanctions Employees for Disclosing Patient's PHI Covered Entity: Health Care Provider / General Hospital Issue: Impermissible Disclosure A nurse and an orderly at a state hospital discussed the HIV/AIDS status of a patient and the patient's spouse within earshot of other patients without making reasonable efforts to prevent the disclosure. Upon learning of the incident, the hospital placed both employees on leave; the orderly resigned his employment shortly thereafter. Among other actions taken to satisfactorily resolve this matter, the hospital took further disciplinary action with the nurse, which included: documenting the employee record with a memo of ...read more



Direct Liability of Business Associates In 2009, Congress enacted the Health Information Technology for Economic and Clinical Health (HITECH) Act,1  making business associates of covered entities directly liable for compliance with certain requirements of the HIPAA Rules. Consistent with the HITECH Act, the HHS Office for Civil Rights (OCR) issued a final rule in 2013 to modify the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules.2   Among other things, the final rule identifies provisions of the HIPAA Rules that apply directly to business associates and for which business associates are directly liable.3 As set forth in the HITECH ...read more



...read more



Private Practice Ceases Conditioning of Compliance with the Privacy Rule Covered Entity: Private Practice Issue: Conditioning Compliance with the Privacy Rule A physician practice requested that patients sign an agreement entitled “Consent and Mutual Agreement to Maintain Privacy.” The agreement prohibited the patient from directly or indirectly publishing or airing commentary about the physician, his expertise, and/or treatment in exchange for the physician’s compliance with the Privacy Rule. A patient’s rights under the Privacy Rule are not contingent on the patient’s agreement with a covered entity. A covered entity’s obligation to comply with all requirements of the Privacy Rule ...read more

April 2026
SuMoTuWeThFrSa
1234
567891011
12131415161718
19202122232425
2627282930

Blog Home

Newest Blog Entries
1/21/25 Understanding Business Associate Agreements

11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims

11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme

11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges

11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6

11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach

11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA

11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth

11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations

11/12/22 May a covered entity use or disclose protected health information for litigation?

11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?

Blog Archives
November 2022 (54)
January 2025 (1)

Blog Labels
PPP Fraud (1)
EHR Fraud (1)
HIPAA Enforcement (3)
BAA (4)
HIPAA (2)
ePHI (2)
Covered Entity (40)
Telehealth (1)
Data Breach (1)

 
BAA Facts
  • Who needs a BAA?
  • What if I don't have a BAA
  • BAA Quick FAQ
  • WHY BAA?
  • Planning Your BAA
 Sample BAA
  • Simple BAA
  • Better BAA
  • Best BAA
 Office Locations:

100 Florida Ave
Tampa Fl 33615